172 Tactical Exploitation

Published by: SpyDr ByTe on Mar 12, 2010
Copyright: Attribution Non-commercial

Tactical Exploitation
OR
"The Other Way to Pen-Test"
OR
"Random Pwning Fun Bag"
Version 1.0.0
H D Moore (hdm[at]metasploit.com)
Valsmith (valsmith[at]metasploit.com)
Last modified: 08/09/2007
 
Contents

1.1 Abstract
1.2 Background
1.3 Author Bio - HD Moore
1.4 Author Bio - Valsmith
1.5 Acknowledgements

2.1 Vulnerabilities
2.2 Competition

3.1 Personnel Discovery
    3.1.1 Search Engines
    3.1.2 Paterva's Evolution
3.2 Network Discovery
    3.2.1 Discovery Services
    3.2.2 Bounce Messages
    3.2.3 Virtual Hosting
    3.2.4 Outbound DNS
    3.2.5 Direct Contact
3.3 Firewalls and IPS
    3.3.1 Firewall Identification
    3.3.2 IPS Identification
3.4 Application Discovery
    3.4.1 Slow and Steady wins the Deface
    3.4.2 Finding Web Apps with W3AF
    3.4.3 Metasploit 3 Discovery Modules
3.5 Client Application Discovery
    3.5.1 Browser Fingerprinting
    3.5.2 Mail Client Fingerprinting
    3.5.3 SMB Client Fingerprinting
3.6 Process Discovery
    3.6.1 Traffic Monitoring with IP IDs
    3.6.2 Web Site Monitoring with HTTP
    3.6.3 Usage Monitoring with MS FTP

4.1 Introduction
4.2 External Networks
    4.2.1 Attacking File Transfers
    4.2.2 Attacking Mail Services
    4.2.3 Attacking Web Servers
    4.2.4 Attacking DNS Servers
    4.2.5 Attacking Database Servers
    4.2.6 Attacking NTLM Authentication
    4.2.7 Free Hardware
4.3 Internal Networks
    4.3.1 Web Proxy Auto-Discovery Protocol
    4.3.2 Microsoft DNS Servers
    4.3.3 Microsoft WINS Servers
    4.3.4 Exploiting NTLM Relays
    4.3.5 SMB and Samba
4.4 Trust Relationships
    4.4.1 NFS Home Directories
    4.4.2 Hijacking SSH
    4.4.3 Hijacking Kerberos
